tor-relays

tor-relays@lists.torproject.org

1 participants
4884 discussions

Recent rejection of relays
by Georg Koppen 02 Dec '21

02 Dec '21

Hello everyone! Some of you might have noticed that there is a visible drop of relays on our consensus-health website.[1] The reason for that is that we kicked roughly 600 non-exit relays out of the network yesterday. In fact, only a small fraction of them had the guard flag, so the vast majority were middle-only relays. We don't have any evidence that these relays were doing any attack, but there are attacks possible which relays could perform from the middle position. Therefore, we decided we'd remove those relays for our users' safety sake. While we were already tracking some of the relays for a while, a big chunk of them was also independently reported by a cypherpunk and nusenu helped analyzing the data. Thanks to both of them from our side. Foe what it is worth: a large part of those relays did not set any valid contact info and/or when we tried to contact some of the relays' operators the emails bounced. However, we sometimes need to have ways to reach relay operators, be it for debugging purposes or for helping them with relay misconfiguration. Thus, please set a valid contact info when running relays. Finally, anyone running relays: try to get connected to the community so we can build some trust among each other. That seems to be an essential part in our long-term strategy to fight bad relays trying to enter our network. Georg [1] https://consensus-health.torproject.org/graphs

10 16

Relays running an unsupported (EOL) Tor version
by Georg Koppen 01 Dec '21

01 Dec '21

Hello! Relays running unsupported Tor versions is a problem we have never really dealt with in a systematic way in the way. Some of you might recall that we (with the help of volunteers) tried back in 2019/2020 to get operators, running an unsupported Tor version, to upgrade[1] but then we dropped the ball. Alas. We just started that process again by contacting every relay operator running an outdated Tor version (any version not 0.3.5.x or 0.4.5.x or 0.4.6.x or 0.4.7.x) by email where possible. Additionally, we created a wiki page outlining the current process and things we still need to figure out.[2] On that page we plan to make statistics related to the EOL relay removal available as well, including the final list of relays we'll reject. Thus, stay tuned. Feedback, as always, is very much welcome! We plan to keep this topic on our radar this time while refining the process as we go. Meanwhile, if you are running a relay with an unsupported Tor version, please upgrade for the sake of our users' safety. If you need help, join us on #tor-relays or #tor-relays:matrix.org if you use Element. Thanks, Georg [1] https://blog.torproject.org/removing-end-life-relays-network [2] https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Relay-EOL-pol…

2 4

Rerouting exit relays detected - EXNODE35037
by nusenu 24 Nov '21

24 Nov '21

BadExit: Rerouting exit relays detected (1) The following exit relays are routing their traffic back into the tor network: nickname: EXNODE35037 First seen: 2021-11-22 15:00:00 Consensus weight: 1 AS: ITL LLC OR IP address: 195.123.220.84 Exit addresses: 185.220.101.138 195.123.220.84 https://atlas.torproject.org/#details/E6FBCC437A708ADC396FDE12ACF7E333BEC02… -- https://nusenu.github.io

2 1

Mystery with Exitnode 4273E6D162ED2717A1CF4207A254004CD3F5307B (176.10.99.200)
by Tschador 23 Nov '21

23 Nov '21

Hi, in the last few days I noticed a curiosity with the Exitnode 4273E6D162ED2717A1CF4207A254004CD3F5307B: Every time I call 'https://www.startpage.com', the URL in the Browser changes to 'http://localhost/'. Other browser: same effect. Other sites - no problem. Other Exitnodes - no problem with 'https://www.startpage.com' and other sites. What's going on there …? Regards

2 2

Massive CPU load on high capacity guard node
by failing.flyaway443＠mailer.me 20 Nov '21

20 Nov '21

Hello Everybody, my relay is now almost two weeks old and has the following flags: Fast, Guard, Running, Stable, V2Dir, Valid. I lost the HSDir flag because I had to restart the Tor process, my downtime was just a few seconds, maybe that's why I kept the Guard flag. I was expecting a drop in traffic when I got the Guard flag (as mentioned in the FAQ), but the opposite happened. At the moment there are around 15000 active connections, over 11000 inbound and just 4000 outbound. I looked at the connections in Nyx, and it seems that my relay is indeed used as a Guard node (most of the IPs are "scrubbed" and the outgoing connections are to middle nodes). Before I got the Guard flag, I had around 5000 connections at the same time and was relaying traffic at peaks of 55MB/s. My server is connected to a Gigabit link. It's not a regular VPS, I have a dedicated CPU with two cores and dedicated 8GB RAM. Traffic is unlimited. The problem is that I'm now relaying traffic at ~25MB/s, and whenever there are spikes of over 30MB/s the CPU load on both cores (!) is very high. I'm still moving ~5TB per day, that's a lot, I know. But there would be even more possible with the internet connection of my server. My Server has two dedicated CPU cores of an AMD EPYC 7702, but unfortunately I only get the base frequency of 2GHz inside the VM, not the boost frequency of 3,35GHz (misleading information on the hoster's website). I could relay way more traffic if there wouldn't be this issue with the CPU load. This is the bottleneck, the 1Gbit link is guaranteed. I read in the FAQ that a modern CPU with hardware acceleration is able to relay traffic @~500Mbit in both directions. The EPYC 7702 supports AES-NI. I checked this, it is activated in my VM. I'm running Debian 11 Bullseye and tweaked the networking capabilities with some instructions I found from torservers.net (mnostly sysctl.conf tweaks) There is no additional software installed that uses lots of ressources, just a few tools. Here is a screenshot of Glances during a traffic peak (I set the Tor process to +10 on purpose): https://i.ibb.co/8brmZkf/glances.png The average CPU load is ~1.50, this is still ok for a dual core, but it should stay below 2.0 (at least it should not go above 2.0 for more than a few minutes). Does anyone here have an idea what I could do? Since the load on both cores is pretty high, I don't think it makes much sense to set up a second relay on the same server. Of course I could throttle the traffic, but is there anything else I can do? I rented this rather expensive server to help the Tor network with a really fast Guard node... Thank you everyone for your time and responses! Have a great weekend! Best Regards, Elias

3 3

relayor v21.2.0-rc is released: prometheus exporter support
by nusenu 19 Nov '21

19 Nov '21

Hi, relayor v21.2.0-rc is released. relayor is an ansible role that helps you with running tor relays with minimal effort (automate everything). https://github.com/nusenu/ansible-relayor#main-benefits-for-a-tor-relay-ope… NOTE: This release contains a backwards incompatible change, if you upgrade from an older release please read the upgrade guide before upgrading. https://github.com/nusenu/ansible-relayor/wiki/Upgrade-Guide-from-version-2… This version of relayor uses MetricsPort (when enabled) via TCP on 127.0.0.1. This is less safe then using unix sockets because all processes on the system get access to tor's prometheus metrics since there is no authentication supported. When MetricsPort gets unix socket support, relayor will switch to that safer option. https://gitlab.torproject.org/tpo/core/tor/-/issues/40192 Changes since relayor v21.1.0: * major new features: * add support for tor's prometheus exporter (MetricsPort) * this is a relayor beta feature requiring tor >=0.4.7.2-alpha) #217 * generates prometheus scrape, nginx reverse and htpasswd config files on the control node for easy copy paste into your prometheus/nginx configuration * every tor instance gets an id label (IPv4_ORPort) * support arbitrary torrc options #192 * fix broken debian tag - reported by @jn9999 #224 * fix broken link - PR by @jn9999 #223 * README: * make clear that we do not remove previously managed tor instances on config change - reported by @tsekityam * update OfflineMasterKeys link * make apt update_cache configurable * drop support for Debian 9 * increase min. ansible version 2.9.23 -> 2.9.27 kind regards, nusenu -- https://nusenu.github.io

1 0

Help Censored Users, Run a Tor Bridge
by gus 18 Nov '21

18 Nov '21

Hi everyone, We're launching a campaign to get more obfs4 bridges and help censored Tor users. The campaign will run from November 17 to January 7, 2022. You can read all the details below, including our special reward kits for participants: https://blog.torproject.org/run-a-bridge-campaign/ Join us and help censored users! Gus -- The Tor Project Community Team Lead

1 0

Loss of Stable flag
by Arlen Yaroslav 16 Nov '21

16 Nov '21

Hello to all relay operators! My relay Deepsky (09A70E396DE93F54D4541BBB0EC8E2B23761F34F) has not been receiving the 'Stable' flag from the DA consensus. Up until recently (the past month or so) it had been assigned the full complement of flags. Nothing has been changed on the server and I am not aware of any issues. Would any of the directory authority operators be able to shed light on why some of the DAs are not assigning it the flag? Thanks!

3 3

Compression bomb from dizum
by Logforme 15 Nov '21

15 Nov '21

Got the following in my log today: Nov 06 18:19:01.000 [warn] Possible compression bomb; abandoning stream. Nov 06 18:19:01.000 [warn] Unable to decompress HTTP body (tried Zstandard compressed, on Directory connection (client reading) with 45.66.33.45:80). 45.66.33.45 is tor.dizum.com, a Tor directory authority. False positive or a problem generating directory info at dizum?

3 2

Questions about my tor node
by Bobby 15 Nov '21

15 Nov '21

Hello I'm running a tor node and I paid for a VPS for the express purposes of running that node. I have configured it to use almost all of the bandwidth of the VPS and then to allow bursts to use all of the bandwidth I have also set it to serve directory requests. The server also has 1GB of ram and 1 CPU core. Is this good enough to be helpful in the tor network?

4 3

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays